Overview

overview

10

Static

static

7

1ba66f4736...8N.dll

windows7-x64

10

1ba66f4736...8N.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    73s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18N.dll

  • Size

    2.6MB

  • MD5

    85699f224b69d34beb334e4d99d766d0

  • SHA1

    e2f33b7967c4849cd9671367b33437a23dd971b6

  • SHA256

    1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18

  • SHA512

    899011cc168efa4b506888c4dfb9bc4cc10b736a58cc5782c92d5ce7ba963e9f61361ed8821205d333d20de7dc80d46dbf8b0179bea0956b626f9384eab4d1d6

  • SSDEEP

    49152:15H5NODCwCU2vWBSxnlcheUUd+QOnsyFNykwUQlX6NLd:VN4CwUv1xnlBUUdhO9FgjUnH

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxvmprotectworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2356
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1952
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2932
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2776
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3008
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3de179168bd193f7547e1488ad2cb24e

    SHA1

    444cda4364b69af49aa426de5d80055d00c1cdd6

    SHA256

    13d951ebd574cd129ddb812799e7a5bc2eed1c4f584c2339425cdbfdef9aff23

    SHA512

    b9631c0a22e3be3e82e03d6bbca248ec149949c5ddb9201f3fe405b7b53e39ddc0abdf219c0f63e32dd0519f281024475c81323295222d7283643b5226b9a94f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc5394535e46e3dd885a9434083190ab

    SHA1

    46905b1c14068f01106df3c4e1b5cba45800ec18

    SHA256

    d0ab7339b29fc69ef0ec7b6a9ffd3dfc0f91023eac8ed308e0ac90b76b1b91a7

    SHA512

    0a64f924d50ba57a0c0d5f6f07688d3ccdeb8b6e8758b36fdec534cd8b61121495014ad83b31d989a2c1e1552f9f7b2ed4a1745c1775fa2efee3de55524f806e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fe73edc0bcb477c278a2b5a50214b69

    SHA1

    cfd209e483aa3e8e84f80a56287b480d1e00fea0

    SHA256

    59f998acab37662b6aa8ce65e675e993df41070a07a1ba76a533d3d0ffaca757

    SHA512

    c82436110094b9e43ef86afbd4a12ed01bb3142fc684eef799a55c952e636d8f6e0a87fb84bcb9bee2403915d1c7d4c01b5bc4d5694916fb327a59238a4e943f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0be82c13fa948cd20a12a247d3b9a37

    SHA1

    d96a1bc6841d675d77d5cbb8277f0878f868e769

    SHA256

    fc9fca7f4a6bcd8524e09986a1295e5601ccb4b1cf6d892d91fe29aae5ba8b09

    SHA512

    e2d7ae454424f8adbff7806b264f3bb4bdb57413814a84110604a32e848531c9081c81b0e80e51652f447fd7617c52aea64d50d5c4a4857fa12bb7b17255dc85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38ed43b31fa167ff004a9744e780995c

    SHA1

    3065012908c263f9c1ea110569f9782473093962

    SHA256

    bb1a2e07dd48a566e8bb4f1081bf842f37660d91657c863215dcd3076ac3129e

    SHA512

    d5e4253d16a348a486d8b5541140eed7960b8ea91a101f15c062fd98a48964d23232092a0596e3a242e6673d48d1873ea5cee197dcb9164c73f3093f31d11355

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b12a38ba8545087f7c1acd8952185f39

    SHA1

    240c21563f578c67770128284c4ac59785e52209

    SHA256

    34d3ac6e668f5edf7b69e5dcaa226cf07033bcbe39b34b752893587c125ce097

    SHA512

    be5479203708ca6a8158fc0699c010d1a65c3864a5671a8ceead2fa6805a9d02e05d264da40683d961ed974cb38c7cc3c14ae832466f1711f660da0fdab82a7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9677fe444831b19f02cc56589f09af0f

    SHA1

    8887bec4fed81e06c755f397168c711b7795913a

    SHA256

    35cc71231d62eb3d9bbdb3087d2acda7b5262d3a97ab82ef1773cf76f7c25926

    SHA512

    7c5953c14ee40b3a3b7ea749d5db1546b2ecb72f9566c5abe0128f724ea33bd98e35539d844e9051f0b439600f28e0236caf65f14f3028712163efaacd4c8563

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c989d72491f3f364a832465cb76274c

    SHA1

    2d920cc1124c3e87c2012f0dfef18ae70d09bb3a

    SHA256

    3eb44509213fcdfb4c9a0af89a1aa0102a9cb1609ccb6f4ddedd0687021c4145

    SHA512

    3e0c8c8af5f5a2464024e290d31ab60432be70bd923f6af967d2d7c2938c28f418aa94d345e7982bc328f2c3d364dc5396a413f4b8fe1c31eb0d9dc8644f8d4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f0ecf485d94cb18c983b0942ab6a3bb

    SHA1

    5a87e8a47b1d41588c5a89ba8546d09c5b05e7bc

    SHA256

    cacb55a3f783fc36156c86519b139f180f316eaf912f853b6b9b800b9b4f5661

    SHA512

    541275cee40357ace003ec51d181205167aae9f3efb599530605075e7d64d5df115c6ed50bb0e0428120e96500fc16b9354f11e990965b71b32fee000e9a5a72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    849afa508aaead38c5fe35418dcfbcf7

    SHA1

    bddfe91a56857d8e9102584134d8592087404608

    SHA256

    eac1295c589c87627dcffccb110017c256638e109d6062574c74971495d43400

    SHA512

    13dbacf8b8de5ca6431090b7101def0bdddafb6dd2bebe246b3876303e75d0c16138d530668390227daacccee7ee4cb0fc8671191be03c8d5aa076d2818c5401

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4619ef095d43aa37a3a4dbd6940af275

    SHA1

    e890b0254858387df9632f77546aa55da8a0d1f7

    SHA256

    5c696e23c73185dd7975c581772e99c8b9f5a4745913bea31a0595f1b8cfe8ec

    SHA512

    f7ccad7993fdcb463ec1571b8629cd7e16e1932db71f9daf2543fda0e0678c8bb37f6f44e242239f0752302716d1de812785c87443de090dbf824b87bb62a0b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    589f0c4e803e3a25d1fbf709e84a935a

    SHA1

    136ed0fa3ababb602f5f1756145c00e7e8a71a8d

    SHA256

    e5558525e3709c2eed5240d1d34113740a0b9e6b1121796fefe4c2568988a94b

    SHA512

    9d34a82a5fc491293595a69b497a90734748fea4fca42cd43fd60751165ab090c13603611260a647486be31c132a77976d6f0591fa1828ae7bf433a484479f81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7002f09b0f449cdf55f756ae8638c7f2

    SHA1

    4b466a982f9f5b9e50e8652ffba024463b31b59b

    SHA256

    90c08b13701ce44e132ce9e996650e8f2aa69f233aa0f25c271fa95ccbb515dd

    SHA512

    17c8259423d455b6f3a737ba6f674aa01ec7a597fad5712ecb0e60269e8f0e5c72401e378524679e8940f8f0464e0046c9728467edab010adf8be5a4d90410b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f9fbbf243ae64a2cb313576f124feec

    SHA1

    12928fb0fbf687d8c504dc15c14949357e6be66f

    SHA256

    90f20e4a5b126e34e2246907741de9d2ca4ce4427bd9c4fea13b7c345727bfd7

    SHA512

    de4a92e32306ae046007b7f9b5cea6a982ae5d97eeed4962683528e50a61dc890a51eab232897e117b3c07191e770aa7de9a918c28e244d79b2095307f2bf609

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74de3ba53d87ffb07da0c32a43e92151

    SHA1

    d2e236ac46c9dd7d7ae882785e67340f545d7d67

    SHA256

    efc79d0018f4ac554f87ed06bb5fd827b2e985aeae73f00991ba1eeec695a98c

    SHA512

    ac31f32ae567f520dd580017cc977c0952a137c76b9890620785e0e63cb9ed8281df20d8383ddf60256d71beb7ace86f639a714aa8179ec1c389e83b35f26ada

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BC5D6A51-BBC9-11EF-9EA5-F2BBDB1F0DCB}.dat
    Filesize

    5KB

    MD5

    8fd45bba37289145502bf232d99c3c67

    SHA1

    b58bfdb2a8c36c23bd32ab8c2de0216631d8f614

    SHA256

    5e867b62ef66cc7745e76ae038240d93bf55f7af649b98c94be04af1af3e5e56

    SHA512

    7cef57123f0561096c74c9df895a72e23cbfbf9221757218bc3d0bd5d9ec4b7fa0f01562e4a149bb7ce9d4d6192bc01994f27522a5e5a04fe28b13540a89c15f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BC5FCBB1-BBC9-11EF-9EA5-F2BBDB1F0DCB}.dat
    Filesize

    4KB

    MD5

    8f3cd7cd951e4b0b818219d46a01c016

    SHA1

    b4bc3fc3ad3f575da0afffc2e5cf04bb312ec5ac

    SHA256

    ccc27cd2caef25accc52757d51c37af589fed64a3d0451b0fa153c26d0ff5f9e

    SHA512

    a1a0787d0e7a15b7ea53dc42dd3ba86ceeb30356568fb984e2ec0b4f4bc149ddebee74ab50c12c4f44c902d2d7be7689a2bef9864b4506dd625751728351d213

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE498.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE556.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/1952-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1952-15-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1952-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1952-21-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1952-18-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1952-17-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1952-16-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-1-0x0000000010000000-0x00000000102B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2356-12-0x0000000000670000-0x00000000006CB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-13-0x0000000000670000-0x00000000006CB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-23-0x0000000000670000-0x00000000006CB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-22-0x0000000000670000-0x00000000006CB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-9-0x0000000010000000-0x00000000102B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2356-8-0x0000000010000000-0x00000000102B9000-memory.dmp

    Filesize

    2.7MB

    Download